Threat Model: [System Name]
Date: [today's date]
Scope: [brief system description from Phase 1]
Frameworks: STRIDE + MAESTRO 7-Layer + OWASP LLM Top 10 (2025) + OWASP Agentic Top 10 (2026)
Status: Advisory — AI-generated. Requires review by a qualified security practitioner.
1. System Description
[2-4 sentence description of what the system does, who uses it, and how it is deployed. Derived from Phase 1 interview answers.]
2. Architecture Overview
[Text-based architecture diagram from Phase 2 component mapping, with trust boundaries marked.]
3. MAESTRO Layer Mapping
| Layer | Components Present | Attack Surface Rating |
|---|---|---|
| L1 Foundation Models | [models used] | [Low/Medium/High] |
| L2 Data and Knowledge | [knowledge files, state files] | [...] |
| L3 Agent Frameworks | [hooks active, permission model] | [...] |
| L4 Tool Integration | [MCP servers, Bash, filesystem] | [...] |
| L5 Agent Capabilities | [commands, agents, skills] | [...] |
| L6 Multi-Agent Systems | [pipelines, delegation patterns] | [...] |
| L7 Ecosystem | [plugins, integrations, CI/CD] | [...] |
4. Threat Catalog
Layer [X] — [Layer Name]
Threat [X.1]: [Short threat title]
| Field | Value |
|---|---|
| STRIDE | [S/T/R/I/D/E] |
| OWASP | [LLM0X or ASI0X] |
| Likelihood | [1-5] — [rationale] |
| Impact | [1-5] — [rationale] |
| Risk Score | [L×I, 1-25] — [Critical/High/Medium/Low] |
| Wild Exploitation | [Yes/PoC/No] — [cite source if yes] |
Attack scenario: [Concrete description of how this threat plays out in this system.]
Current control status: [Already mitigated / Can be mitigated / Accepted / External]
Recommendation: [Specific, actionable mitigation. Reference the mitigation matrix control type: Automated / Configured / Advisory.]
[Repeat for each threat, grouped by MAESTRO layer]
5. Risk Matrix
| Threat | Layer | STRIDE | OWASP | Score | Priority |
|---|---|---|---|---|---|
| [Threat title] | L[X] | [category] | [ID] | [score] | [Critical/High/Medium/Low] |
[Sorted by score descending]
6. Mitigation Plan
Critical and High Priority Actions
| # | Threat | Action | Control Type | Effort |
|---|---|---|---|---|
| 1 | [Threat] | [Specific action] | Automated/Configured/Advisory | Low/Med/High |
[Sorted by risk priority]
Already Mitigated
| Threat | Control | Evidence |
|---|---|---|
| [Threat] | [What control] | [File or config that confirms it] |
Accepted Risks
| Threat | Rationale | Owner |
|---|---|---|
| [Threat] | [Why accepted] | [Who owns this decision] |
7. Residual Risk Summary
[2-4 sentences summarizing the overall risk posture after applying recommended mitigations. Identify the highest-impact residual risk and what it would take to address it.]
Threat model coverage: [X] threats identified across [Y] MAESTRO layers. Critical: [n] | High: [n] | Medium: [n] | Low: [n]
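The Risk Matrix in section 5 and the coverage line above are both derived mechanically from the catalog in section 4: each threat's score is Likelihood × Impact on the 1-5 scales, rows are sorted by score descending, and the summary counts threats per priority band and per MAESTRO layer. The following added example (not code shipped with the threat-modeler-agent or the llm-security plugin) validates catalog entries against the template's field constraints, renders the section 5 table, and computes the section 7 coverage line from the same data. The score-to-priority bands in `priority()` are an assumption, since the template does not define them; the `SAMPLE_THREATS` catalog is constructed for illustration and its OWASP identifiers are format placeholders rather than authoritative category assignments.

```python
"""Score, rank and summarise catalog threats for the Risk Matrix and coverage line.

Added example for this template, not code from the threat-modeler-agent.
Assumption: the template gives no L x I -> priority thresholds, so the bands in
priority() are illustrative; replace them with the programme's own policy.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Layer names as listed in section 3 of the template.
MAESTRO_LAYERS = {
    1: "Foundation Models",
    2: "Data and Knowledge",
    3: "Agent Frameworks",
    4: "Tool Integration",
    5: "Agent Capabilities",
    6: "Multi-Agent Systems",
    7: "Ecosystem",
}

# OWASP LLM Top 10 (LLM01..LLM10) or OWASP Agentic Top 10 (ASI01..ASI10) identifiers.
OWASP_ID = re.compile(r"^(LLM|ASI)(0[1-9]|10)$")
PRIORITIES = ("Critical", "High", "Medium", "Low")


def priority(score: int) -> str:
    """Map an L x I score (1..25) to a priority band. Bands are an assumption."""
    if score >= 20:
        return "Critical"
    if score >= 12:
        return "High"
    if score >= 6:
        return "Medium"
    return "Low"


@dataclass(frozen=True)
class Threat:
    title: str
    layer: int        # MAESTRO layer number 1..7
    stride: str       # single STRIDE letter
    owasp: str        # e.g. LLM01 or ASI03
    likelihood: int   # 1..5
    impact: int       # 1..5

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

    @property
    def priority(self) -> str:
        return priority(self.score)


def validate_threat(t: Threat) -> Threat:
    """Reject entries that would produce an inconsistent matrix; returns t unchanged."""
    if t.layer not in MAESTRO_LAYERS:
        raise ValueError(f"{t.title!r}: MAESTRO layer must be 1..7, got {t.layer}")
    if len(t.stride) != 1 or t.stride not in "STRIDE":
        raise ValueError(f"{t.title!r}: STRIDE must be one of S/T/R/I/D/E, got {t.stride!r}")
    if not OWASP_ID.match(t.owasp):
        raise ValueError(f"{t.title!r}: OWASP id must look like LLM0X or ASI0X, got {t.owasp!r}")
    for name, value in (("likelihood", t.likelihood), ("impact", t.impact)):
        if not 1 <= value <= 5:
            raise ValueError(f"{t.title!r}: {name} must be 1..5, got {value}")
    return t


def risk_matrix(threats: list[Threat]) -> list[Threat]:
    """Section 5 ordering: score descending, impact as tie-break, then title for stability."""
    rows = [validate_threat(t) for t in threats]
    return sorted(rows, key=lambda t: (-t.score, -t.impact, t.title))


def render_matrix(threats: list[Threat]) -> str:
    """Render section 5 as the template's markdown table."""
    lines = ["| Threat | Layer | STRIDE | OWASP | Score | Priority |",
             "|---|---|---|---|---|---|"]
    for t in risk_matrix(threats):
        lines.append(f"| {t.title} | L{t.layer} | {t.stride} | {t.owasp} | {t.score} | {t.priority} |")
    return "\n".join(lines)


def coverage_line(threats: list[Threat]) -> str:
    """Section 7 coverage summary, computed from the catalog rather than typed by hand."""
    rows = [validate_threat(t) for t in threats]
    counts = Counter(t.priority for t in rows)
    layers = {t.layer for t in rows}
    bands = " | ".join(f"{p}: {counts.get(p, 0)}" for p in PRIORITIES)
    return (f"Threat model coverage: {len(rows)} threats identified across "
            f"{len(layers)} MAESTRO layers. {bands}")


# Constructed sample catalog for demonstration. OWASP ids are format placeholders,
# not authoritative category assignments for these threats.
SAMPLE_THREATS = [
    Threat("Indirect prompt injection via MCP tool output", 4, "T", "LLM01", 4, 5),
    Threat("Sub-agent inherits parent credentials on delegation", 6, "E", "ASI03", 3, 4),
    Threat("Unpinned plugin fetched during CI/CD run", 7, "T", "ASI09", 2, 4),
    Threat("Knowledge file edited on shared volume", 2, "T", "LLM08", 2, 2),
]

if __name__ == "__main__":
    print(render_matrix(SAMPLE_THREATS))
    print()
    print(coverage_line(SAMPLE_THREATS))
```

Generating the matrix and the coverage line from one validated catalog keeps sections 4, 5 and 7 consistent with each other; a hand-edited score in one table that disagrees with the catalog is exactly the kind of drift a reviewer under the Status line would otherwise have to catch.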
8. Assumptions and Limitations
- This threat model is based on information provided in the interview session and file analysis at the time of generation. System changes may invalidate findings.
- Threat likelihood ratings reflect the analyst's assessment; actual exploitation depends on attacker capability and motivation, which are not fully modeled here.
- External controls (IAM, network policy, model provider security) are noted as dependencies but not verified.
- This document is advisory. It does not constitute a security audit or penetration test. Engage a qualified security practitioner before production deployment of high-risk systems.
Generated by threat-modeler-agent (llm-security plugin)
Frameworks: STRIDE · MAESTRO · OWASP LLM Top 10 (2025) · OWASP Agentic Top 10 (2026)